(54) CERTIFYING SYSTEM AND TRANSACTION SYSTEM WITH THE CERTIFICATION

(57) An optional information supplied from an authenticating equipment (1), or an agreement settled between an equipment (5) to be authenticated and the authenticating equipment, is stored in a tamper-proof region in the data stored in the equipment to be authenticated during a predetermined period. A return data including the optional information, a data based on the optional information, or a data based on the agreement is supplied from the equipment to be authenticated to the authenticating equipment. Thereby a rightful user is authenticated, and a network usable by the rightful user based on the authentication is established, so that a suitable authentication and an exclusive single goods or services transaction can be executed.
Description

TECHNICAL FIELD

The present invention relates to a system of authentication, more particularly to a system of authentication for goods or services transactions and to a system of transactions incorporating such an authentication system.

BACKGROUND ARTS

A system using a personal computer communication network is considered in which a user utilizes this network to purchase goods or download charged software and a communication center carries out automatic deduction from the account of the user in correspondence with the payment for the purchase, through or not through a credit sales company. There exist needs, concerning the process of paying the charges or transferring the goods, for a safe system having means for confirming a true user and means for ensuring a rightful transaction by the true user. Nevertheless, no such safe system has ever been successfully constituted.

DISCLOSURE OF THE INVENTION

According to the present invention there are provided a system of authentication and a system of transactions incorporating an authentication system for goods or services transactions, in which tamper-proof secret regions are provided in the data stored in an equipment to be authenticated; an optional information supplied from an authenticating equipment to an equipment to be authenticated, or an agreement settled between an authenticating equipment and an equipment to be authenticated, is stored during a predetermined period in the tamper-proof regions; and return data including such optional data, data based on such optional data, or data based on such agreement is supplied to the authenticating equipment.

According to the present invention there is also provided a system of authentication in which a secret algorithm is stored in an authenticating equipment; an intrinsic identifier of its own, a secret algorithm, and an intrinsic identifier of the authenticating equipment are stored in an equipment to be authenticated; in a process of authentication the identifier of the authenticating equipment is applied to the secret algorithm of its own to produce an information possessed in common with the authenticating equipment, on the side of the equipment to be authenticated; and in the process of authentication the identifier supplied by the equipment to be authenticated, or acquired indirectly, is applied to the secret algorithm of its own to produce an information possessed in common with the equipment to be authenticated, on the side of the authenticating equipment.

In the system of the present invention, when the system is applied to a personal computer communication network for the sale of software, in which a user downloads software which the user wishes to purchase, and the communication network center (a communication center) deducts the price of the purchased software from the account through a bank or a credit sales company which the user has previously registered at the communication center, it is possible to prevent an unauthorized user from purchasing software.

In the system of the present invention, when the system is applied to a transaction between a supplier of goods or services (authenticating equipment) and a receiver of goods or services (an equipment to be authenticated), an optional information such as a random number is supplied to the user, the user stores the supplied optional information in a tamper-proof or secret region in the stored data, a return data is transmitted to the goods or service supplier, the return data is compared with the optional information, and the transaction is decided as rightful only when the compared data coincide or substantially coincide. Thus, it is possible to exclude transactions involving duplicate supplies of unauthorized goods or services, and accordingly to realize an exclusive single goods or services transaction.

The equipment to be authenticated is located on the side of, for example, a user who purchases goods or services and pays the charges of the goods or services. The authenticating equipment is located on the side of, for example, a seller who sells goods or services, a claimant of the payment for the charge, or an agent of the claimant. However, the situation is not limited to these examples, but may cover the locations of the sides of the persons related to the goods and services transaction.

Users connected to the equipment to be authenticated in the system of the present invention may include a user who possesses, by purchase or lease, a portable or fixed apparatus having storage devices such as an integrated circuit card, a magnetic card, a floppy disk, an optical magnetic disc, a compact disk read only memory (CD ROM), and the like.

A temporary period or a predetermined period connected to the period during which an information or an agreement is stored in some portion of the system of the present invention may be, for example, a period from the occurrence of necessity for an authentication to the completion of the authentication, or a period from the commencement of a goods or services transaction to the completion of the payment of the charge. However, the situation is not limited to these examples, but may cover various periods.

An optional information supplied from the authenticating equipment to the equipment to be authenticated may include, for example, voluntary data, random number data, an algorithm, and the like made by the authenticating equipment. However, the optional information is not limited to these examples, but may include any information made voluntarily by the authenticating equipment.
A tamper-proof or secret region is a region of which the equipment to be authenticated has no knowledge of the content, the existence, or the location, or a region where the equipment to be authenticated cannot tamper with the content of such a region. A tamper-proof region is constituted mostly by a memory device and the like. However, the tamper-proof region is not limited to these examples, but may be other kinds of device which perform similar functions. The meaning of the expression "tamper-proof" includes, for example, the physical impossibility of replacing the content, or a substantial impossibility of replacing the content because of the instability or very short life of the replaced state after the replacement. An agreement preliminarily settled between the equipment to be authenticated and the authenticating equipment is, for example, an agreement that the data, which are necessarily synchronized between the equipment to be authenticated and the authenticating equipment and represent the date and time of the execution of the authentication, are used as a return data. However, the agreement is not limited to this example, but may be other kinds of agreement.

Preferably, the process of an authentication is started from the state where each side possesses a code which is common to both parties. Such a common code is, for example, an encryption key, and the KPS (key predistribution system) is preferable for such possession of the encryption key as the common code, from the viewpoint of the ease of the procedure and of increasing the number of the subscribers on the network. To execute an authentication between the equipment to be authenticated and the authenticating equipment, the use of the common code as the encryption key and the communication of data therebetween by using encrypted data is effective and advantageous.

The KPS system is a system in which an intrinsic algorithm of its own is applied to the identifier of the equipment of the other party to produce a key common with the equipment of the other party. The formation of a secret algorithm and the like is carried out mainly in the communication center equipment. The formed center algorithm is possessed exclusively by the communication center equipment. A secret algorithm exclusively possessed by both parties is formed by applying the identifier of the user equipment as the equipment to be authenticated, a software, or the identifier of the supplier of goods or services as the authenticating equipment.

The formation of the communication center algorithm, the formation of the secret algorithm, the formation of the commonly possessed encryption key, the definition of an entity and an identifier, and the method and content concerning the process to form an encryption key are described, for example, in Japanese Unexamined Patent Publication Nos. 63-36634 and 63-107667.

Preferable methods for applying an identifier to a secret algorithm are also described, for example, in the article: Matsumoto, Takashima, and Imai, "Formation of Simplified Type Unidirectional Algorithm", Singakugiho (Technical Research Report of the Institute of Electronics, Information, and Communication Engineers of Japan) IT89-23, July, 1989. The operation of the communication center may be carried out by a user equipment as the equipment to be authenticated, by a supplier of goods or services as the authenticating equipment, or by the combination of both parties. Hereinbefore, only a preferable method of using a key has been described. However, other methods may be used. For the encryption algorithm, available encryption algorithms such as, for example, the DES (data encryption standard), the FEAL (fast data encipherment algorithm) (registered trademark), and the like may be used.

By using the technique according to the present invention, it is possible to suitably authenticate a rightful user, to establish a network usable by the rightful user based on the authentication, and to execute a suitable authentication and a suitable exclusive single transaction of goods or services.

BRIEF DESCRIPTION OF THE DRAWINGS

Figure 1 shows a general configuration of a transaction system to which a system according to the present invention is applied;
Figs. 2A and 2B show a system according to an embodiment of the present invention;
Figs. 3A, 3B, 4A, 4B, 5A, 5B, 6A, 6B, 7A and 7B show the other systems according to the other embodiments of the present invention; and
Figs. 8A, 8B and 8C show an example of the accounting operation in the system according to the present invention.

BEST MODES FOR EMBODYING THE INVENTION

The general form of a transaction system to which the system of the present invention is applied is shown in Fig. 1. A communication center equipment 1 receives a subscription request for the network from a user equipment 5, and then supplies a tamper-proof KPS encrypt/decrypt carrier including a secret algorithm which is specific to each user to the user equipment. Each of the communication center equipment and the user equipment connects such a carrier to an information terminal device such as a personal computer connected to the network. When the user equipment sends a request to purchase a charged information or goods through the network, the communication center carries out an authentication of the user by using a tamper-proof KPS encrypt/decrypt carrier including the secret algorithm of the communication center equipment, the common key produced exclusively in the carrier for the user equipment and the carrier for the communication center equipment, and means which will be described hereinafter in detail.

The production and the inputting of a secret algorithm which is specific for each KPS encrypt/decrypt carrier may be carried out in any suitable location, such as in the communication center equipment, an exclusive center where the production and the inputting of the secret algorithm is carried out, or an equipment which produces the KPS encrypt/decrypt carrier. Instead of the KPS encrypt/decrypt carrier, software such as a program which can be executed in the information terminal device possessed by the user equipment may be used.

The technique of the system according to the present invention may be applied not only to an accounting operation but also to operations which require the authentication of the opposite party (user equipment), such as an access control in the CUG (closed user group) in a personal computer communication service, a safe with an electronic lock, and the like.

An example of the preparations prior to the authentication is that,

first, the user registers with the communication center the personal information (Pda) for the account, such as the password, the bank name, the account number, and the name;

second, the communication center equipment prepares the KPS encrypt/decrypt carrier in which the secret algorithm Xc exclusive for the communication center is stored; and

third, the communication center supplies each user equipment with the KPS encrypt/decrypt carrier in which the secret algorithm exclusive for each user equipment is stored.

A system according to an embodiment of the present invention is shown in Fig. 2. The tamper-proof region 2 enclosed by a chain line included in the communication center equipment 1 is a region of the data that cannot be altered or tampered with. The tamper-proof region 6 enclosed by a chain line included in the user equipment 5 is a region of the data that cannot be altered or tampered with. The control of the calculation elements used in the KPS encrypt/decrypt carrier is subjected to a preliminarily input program, and the manner of this control cannot be altered from outside. The operations of the system of Fig. 2 are as follows.

First, the user equipment supplies the communication center equipment with the user identifier (KPSIDu), and the communication center equipment supplies the user equipment with the communication center identifier (KPSIDc);

second, each of the user equipment and the communication center equipment produces the common key (Kcu) by the KPS process with the application of the identifier (KPSID) of the opposite party to the secret algorithm of its own;

third, the communication center equipment generates a random number r0 for each communication, encrypts the random number by the common key (Kcu) to produce an encrypted random number (r0*), and the encrypted random number is sent to the user equipment. The user equipment decrypts the encrypted random number by the common key (Kcu) to produce the random number r0;

fourth, the communication center encrypts an input request, i.e., a question sentence (Qu) for a personal information (Pda) such as password, bank name, account number, and name, by the random number r0 to produce the encrypted input request (Qu*), and temporarily stores the date and time (T0) of the transmission as a time stamp;

fifth, the user equipment decrypts the encrypted input request Qu* by the random number r0 to produce (Qu), confirms the decrypted data, inputs an answer (Pdb) for the personal information input request such as password, bank name, account number, and name, inputs the date and time (T1) of the inputting, to produce an answer data Ans, encrypts the answer data to produce the encrypted answer data (Ans*), and transmits the encrypted answer data to the communication center equipment; and

sixth, the communication center equipment decrypts the encrypted answer data Ans* by the random number r0 to produce (Ans), i.e., the personal information (Pdb) and the date and time (T1), decides by a comparison whether or not the produced Pdb and T1 coincide with the preliminarily registered Pda and the stored T0, and decides as an authorized user equipment only when they coincide. Preferably, allowances are given to T0 or T1, since some delay can occur between T0 and T1.

The dates and times, T0 and T1, are used for preventing the repeated use of the encrypted data r0*, Qu*, and Ans*. Alternatively, any data which varies in synchronization between the communication center equipment and the user equipment may be used in place of the date and time.
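The Fig. 2 exchange above, as an added example that is not part of the patent: a Blom-style symmetric matrix stands in for the unspecified KPS secret algorithm, an HMAC-SHA256 keystream stands in for DES/FEAL, and the names Center, User, demo, P, N and ALLOWANCE are assumptions. It carries the six steps through for a rightful user and shows why a wrong Pdb, a late T1, or a replayed Ans* is rejected.

```python
import hashlib, hmac, json, secrets

# Toy linear KPS (Blom-style symmetric matrix) standing in for the patent's
# unspecified KPS secret algorithm; P, N and ALLOWANCE are assumed values.
P = 2**61 - 1
N = 4
ALLOWANCE = 30  # seconds of delay tolerated between T0 and T1

def id_vector(ident):
    """Map an identifier such as KPSIDu to an N-vector of residues mod P."""
    h = hashlib.sha256(ident.encode()).digest()
    return [int.from_bytes(h[8 * i:8 * i + 8], "big") % P for i in range(N)]

def make_center_algorithm():
    """Center algorithm: a secret symmetric N x N matrix held only by the center."""
    g = [[0] * N for _ in range(N)]
    for i in range(N):
        for j in range(i, N):
            g[i][j] = g[j][i] = secrets.randbelow(P)
    return g

def issue_secret_algorithm(center_alg, ident):
    """Secret algorithm loaded into one carrier: center matrix applied to its KPSID."""
    v = id_vector(ident)
    return [sum(center_alg[i][j] * v[j] for j in range(N)) % P for i in range(N)]

def kps_common_key(own_secret, peer_ident):
    """Kcu: apply the opposite party's identifier to one's own secret algorithm.
    Symmetry of the center matrix makes both sides obtain the same key."""
    v = id_vector(peer_ident)
    k = sum(own_secret[i] * v[i] for i in range(N)) % P
    return hashlib.sha256(k.to_bytes(8, "big")).digest()

def crypt(key, label, data):
    """Stand-in for DES/FEAL: XOR with an HMAC-SHA256 keystream. The label keeps
    r0*, Qu* and Ans* on distinct keystreams; one call both encrypts and decrypts."""
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hmac.new(key, label + off.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)

class Center:
    def __init__(self, center_alg, registered):
        self.secret = issue_secret_algorithm(center_alg, "KPSIDc")
        self.pda = registered   # KPSIDu -> Pda registered beforehand (step 1 of preparation)
        self.sessions = {}      # KPSIDu -> (r0, T0) kept only for one exchange

    def challenge(self, kpsid_u, t0):
        """Steps 3 and 4: r0* = E_Kcu(r0) and Qu* = E_r0(Qu); remember r0 and T0."""
        kcu = kps_common_key(self.secret, kpsid_u)
        r0 = secrets.token_bytes(16)
        self.sessions[kpsid_u] = (r0, t0)
        return crypt(kcu, b"r0", r0), crypt(r0, b"Qu", b"password,bank,account,name?")

    def verify(self, kpsid_u, ans_star):
        """Step 6: decrypt Ans* with r0, compare Pdb with Pda and T1 with T0."""
        if kpsid_u not in self.sessions:
            return False
        r0, t0 = self.sessions.pop(kpsid_u)   # r0 is single use
        try:
            ans = json.loads(crypt(r0, b"Ans", ans_star))
            fresh = abs(ans["T1"] - t0) <= ALLOWANCE
        except (ValueError, KeyError, TypeError):  # garbage: decrypted under the wrong r0
            return False
        return fresh and ans.get("Pdb") == self.pda.get(kpsid_u)

class User:
    def __init__(self, secret, pdb):
        self.secret, self.pdb = secret, pdb

    def answer(self, r0_star, qu_star, t1):
        """Step 5: recover r0, read Qu, return Ans* = E_r0(Pdb, T1)."""
        kcu = kps_common_key(self.secret, "KPSIDc")
        r0 = crypt(kcu, b"r0", r0_star)
        qu = crypt(r0, b"Qu", qu_star)   # shown to the user for confirmation
        ans = json.dumps({"Pdb": self.pdb, "T1": t1})
        return crypt(r0, b"Ans", ans.encode())

def demo():
    """Rightful user, wrong password, late answer, and replay of an old Ans*."""
    center_alg = make_center_algorithm()
    pda = "hunter2,BankX,12345,Alice"   # constructed sample registration data
    center = Center(center_alg, {"KPSIDu": pda})
    user_secret = issue_secret_algorithm(center_alg, "KPSIDu")
    good, bad = User(user_secret, pda), User(user_secret, "wrong,BankX,12345,Alice")
    r0s, qus = center.challenge("KPSIDu", t0=1000)
    first_ans = good.answer(r0s, qus, t1=1003)
    ok = center.verify("KPSIDu", first_ans)                            # accepted
    r0s, qus = center.challenge("KPSIDu", t0=2000)
    wrong_pdb = center.verify("KPSIDu", bad.answer(r0s, qus, 2001))     # Pdb != Pda
    r0s, qus = center.challenge("KPSIDu", t0=3000)
    late = center.verify("KPSIDu", good.answer(r0s, qus, 3000 + ALLOWANCE + 1))
    center.challenge("KPSIDu", t0=4000)
    replay = center.verify("KPSIDu", first_ans)   # old Ans* under a fresh r0
    return ok, wrong_pdb, late, replay
```

The replay fails because r0 is generated for each communication: an Ans* captured from one exchange decrypts to garbage under the next exchange's r0, and the T0/T1 check additionally bounds how long a captured message stays usable within one exchange.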

A system according to another embodiment of the present invention is shown in Figs. 3A and 3B. The system of Figs. 3A and 3B is preferable in the case where the data which varies in synchronization between the communication center equipment and the user equipment is not available.

The operations of the system of Figs. 3A and 3B will be described.

First, the user equipment 5 transmits the identifier (KPSIDu) of the user equipment to the communication center equipment, and the communication center equipment 1 transmits the identifier (KPSIDc) to the user equipment;

second, each of the user equipment and the communication center equipment produces a common key (Kcu) by the KPS process by applying the identifier (KPSID) of the opposite party to the secret algorithm of its own;

third, the communication center equipment generates a random number r0 for each communication, encrypts the random number by the common key (Kcu) to produce the encrypted random number (r0*), and transmits the encrypted random number to the user equipment, and the user equipment decrypts r0* by the common key (Kcu) to produce the random number r0;

fourth, the communication center equipment encrypts an input request (Qu) for the personal information (Pda) such as password, bank name, account number, name, and the like, together with the data (Den) generated only for each communication, by the random number r0 to produce the encrypted data (QD*), and transmits the encrypted data to the user equipment;

fifth, the user equipment decrypts the encrypted data QD* by the random number r0 to produce Qu and Den, temporarily stores Den, confirms Qu by the display, inputs an answer (Pdb) for the input request for the personal information such as password, bank name, account number, name, and the like, inputs the temporarily stored Den, to produce the data Ans, encrypts the data by the random number r0 to produce the encrypted data (Ans*), and transmits the encrypted data to the communication center; and

sixth, the communication center equipment decrypts the data Ans* by the random number r0 to produce the data (Ans) consisting of the personal information (Pdb) and the generated data Den, decides by a comparison whether or not these Pdb and Den coincide with the stored Pda and the previous Den, and decides that the user is an authorized user only when they coincide.

A system according to another embodiment of the present invention is shown in Figs. 4A and 4B. The system of Figs. 4A and 4B is preferable in the case where it is not possible to provide data which is generated for each communication between the communication center equipment and the user equipment and is not repeatedly available.

The operations of the system of Figs. 4A and 4B will be described.

First, the user equipment 5 transmits the identifier (KPSIDu) of the user equipment to the communication center equipment, and the communication center equipment 1 transmits the identifier (KPSIDc) to the user equipment;

second, each of the user equipment and the communication center equipment produces a common key (Kcu) by the KPS process by applying the identifier (KPSID) of the opposite party to the secret algorithm of its own;

third, the communication center equipment generates a random number r0 for each communication, encrypts the random number by the common key (Kcu) to produce the encrypted random number (r0*), and transmits the encrypted random number to the user equipment, and the user equipment decrypts r0* by the common key (Kcu) to produce the random number r0;

fourth, the communication center equipment encrypts an input request for the personal information (Pda) and the random number r for each communication by the random number r0 to produce the encrypted data (Qu*), and the encrypted data is transmitted to the user equipment;

fifth, the user equipment decrypts the encrypted data Qu* by the random number r0 to produce Qu and r, and temporarily stores Qu and r;

sixth, the user equipment generates the random number r1 for each communication, encrypts the generated random number by the common key (Kcu) to produce the encrypted random number (r1*), and transmits r1* to the communication center equipment, and the communication center equipment decrypts r1* by the common key (Kcu) to produce the random number r1;

seventh, the user equipment inputs the answer (Pdb) for the input request for the personal information, inputs the random number r, encrypts the input answer and the input random number to produce the encrypted answer (Ans*), and the encrypted answer is transmitted to the communication center equipment; and

eighth, the communication center equipment decrypts the encrypted Ans* by the random number r1 to produce the personal information (Pdb) and the random number r, decides by a comparison whether or not the produced Pdb and r coincide with the stored Pda and the temporarily stored random number r, and decides that the user is an authorized user equipment only when they coincide.

The personal information Pda and Pdb may be used in various systems, including an accounting system, which require authentication, if the decision of coincidence by comparison is not carried out in the communication center equipment. The input request for the personal information from the communication center equipment and the personal information supplied from the user equipment may be replaced by various kinds of other data.

The systems according to further embodiments of the present invention are shown in Figures 5A and 5B; 6A and 6B; and 7A and 7B, respectively.

The operations of the system of Figs. 5A and 5B will be described.

First, the user equipment 5 transmits the user equipment identifier (KPSIDu) to the communication center equipment 1;

second, each of the user equipment and the communication center equipment produces the common key (Kcu) by the KPS process by applying the identifier (KPSID) of the opposite party to the secret algorithm of its own;

third, the communication center equipment generates a random number r0 for each communication, encrypts the random number by the common key (Kcu) to produce (r0*), transmits the encrypted random number r0* to the user equipment, and the user equipment decrypts r0* by the common key (Kcu) to produce the random number r0;

fourth, the communication center equipment encrypts an input request, i.e., the question sentence (Qu) for the personal information (Pda) such as a password, a bank name, an account number, a name, and the like, by the random number r0 to produce (Qu*), and the encrypted data Qu* is sent to the user equipment. The communication center equipment temporarily stores the date and time (T0) as a time stamp;

fifth, the user equipment decrypts the encrypted data Qu* by the random number r0 to produce the data (Qu), confirms the data Qu by display, inputs an answer (Pdb) for the input request for the personal information such as a password, a bank name, an account number, a name, and the like, inputs the date and time (T1), to form the data Ans, encrypts the data to produce the encrypted data (Ans*), and transmits the encrypted data to the communication center equipment;

sixth, the communication center equipment decrypts the encrypted Ans* by the random number r0 to produce the data (Ans) including the personal information (Pdb) and the date and time (T1), decides by a comparison whether or not the personal information Pdb and the date and time T1 coincide with the stored Pda and T0, and decides that the user is an authorized user equipment only when they coincide. Preferably, allowances are given to T0 or T1, since some delay can occur between T0 and T1.

The operations of the system of Figs. 6A and 6B will be described.

First, the user equipment 5 transmits the user equipment identifier (KPSIDu) to the communication center 1;

second, each of the user equipment and the communication center equipment produces the common key (Kcu) by the KPS process by applying the identifier (KPSID) of the opposite party to the secret algorithm of its own;

third, the communication center equipment generates a random number r0 for each communication, encrypts the random number by the common key (Kcu) to produce (r0*), transmits the encrypted random number r0* to the user equipment, and the user equipment decrypts the encrypted random number r0* by the common key (Kcu) to produce the random number r0;

fourth, the communication center equipment encrypts an input request, i.e., the question sentence (Qu) for the personal information (Pda) including a password, a bank name, an account number, a name, and the like, and a data (Den) generated for each communication in the communication center equipment, by the random number r0 to produce the encrypted data (QD*), and transmits the encrypted data to the user equipment;

fifth, the user equipment decrypts the encrypted data QD* by the random number r0 to produce the data Qu and Den, temporarily stores Den, confirms Qu by the display, inputs an answer (Pdb) of the input request for the personal information including password, bank name, account number, name, and the like, inputs the temporarily stored Den, to produce a data Ans, encrypts the data to produce the encrypted data (Ans*), and transmits the encrypted data to the communication center equipment;

sixth, the communication center equipment decrypts the encrypted Ans* by the random number r0 to produce the data (Ans) including the personal information (Pdb) and the data Den, decides by a comparison whether or not the personal information Pdb and the data Den coincide with the stored Pda and Den, and decides that the user is an authorized user equipment only when they coincide.

The operations of the system of Figs. 7A and 7B will be described. The system of Figs. 7A and 7B is preferable in the case where it is not possible to provide data which is exclusive for each communication and is not repeatedly available.

First, the user equipment 5 transmits the identifier (KPSIDu) of the user equipment;

second, each of the user equipment and the communication center equipment produces, by the KPS process, the common key (Kcu) by applying the identifier (KPSID) of the opposite party to the secret algorithm of its own;

third, the communication center equipment generates a random number r0 for each communication, encrypts the random number by the common key (Kcu) to produce the encrypted key (r0*), and transmits the encrypted key to the user equipment, and the user equipment decrypts the encrypted key r0* by the common key (Kcu) to produce the random number r0;

fourth, the communication center encrypts an input request for the personal information (Pda) and a random number r for each communication to produce the encrypted data (Qu*), and transmits the encrypted data to the user equipment;

fifth, the user equipment decrypts the encrypted data Qu* by the random number r0, and temporarily stores the decrypted data Qu and random number r;

sixth, the user equipment generates a random number r1 for each communication, encrypts the random number by the common key (Kcu) to produce (r1*), and transmits the encrypted random number r1* to the communication center equipment, and the communication center equipment decrypts the encrypted random number by the common key Kcu to produce the random number r1;

seventh, the user equipment inputs an answer data (Pdb) for the input request for the personal information, inputs the random number r, encrypts the input data by the random number r1 to produce the encrypted data Ans*, and transmits the encrypted data to the communication center equipment; and

eighth, the communication center equipment decrypts the encrypted data Ans* by the random number r1 to produce the personal information (Pdb) and the random number r, decides by a comparison whether or not the personal information Pdb and the random number r coincide with the stored Pda and random number r, and decides that the user is an authorized user equipment only when they coincide.

The processes of the accounting operation of the system according to the present invention will be described with reference to Figs. 8A, 8B, and 8C.

In the process shown in Fig. 8A, the user equip- 
ment 5 transmits an order to purchase goods or serv- 
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ices to a seller equipment. The method of the 
transmission is, for example, by telephone, by mail, and 
the like, but is not limited to specific methods. The state 
of a storage is made to be the write-enabled state. The 
seller equipment informs the receipt of the purchase 
order to the communication center equipment 1 . The 
communication center equipment transmits the data of 
the content of the accounting information storage to the 
storage for accounting in the user equipment and 
causes the user equipment to record the transmitted 
data. In some cases, a seller equipment is operated as 
the communication center equipment as well as the 
seller equipment. 

In the process shown in Fig. 8B. the user equip- 
ment 5 adds the content of the storage for the personal 
information to the content of the storage for the account- 
ing to produce the sum data, and transmits the sum 
data to the communication center equipment. The com- 
munication center equipment compares by the compa- 
rator the transmitted sum data with the data of the sum 
of the content of the storage for the personal information 
and the content of the storage for the accounting infor- 
mation. If the compared data coincide, the communica- 
tion center equipment transmits the information of the 
authentication of an authorized user to the seller equip- 
ment or the like. Based on this transmission of the infor- 
mation, a transfer of the goods or services is executed. 

In the process shown in Fig. 8C, the information of the cancellation of accounting information is transmitted from the communication center equipment to the user equipment, based on the payment of the charge by the user equipment. Based on the transmitted information of the cancellation of accounting information, the user equipment cancels the information of accounting in the storage for accounting. The cancellation of the information of accounting stored in the user equipment after the payment of the charge may be carried out exclusively by the communication center equipment via the communication network.

In the process of accounting, the common personal information is stored in the memory for the personal information. The common information may be information formed based on the result of the communications between the communication center equipment and the user equipment, information determined based on a predetermined rule without such communication, or the like. It is preferable that a common environment for the communication center equipment and the user equipment, based on a common code for the two equipments for each transaction, is constituted. One of the concrete means for realizing such a common environment is the common possession of an encryption key based on the KPS system. The communications between the two equipments may be carried out using the encryption. Under these circumstances, it is possible to prevent the storage for the accounting in the user equipment from being written arbitrarily.
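The Fig. 8A to 8C exchange, as an added Python model that is not the patent's own code: it assumes that the common information in storages 101/503 is a shared key (as the KPS text suggests), that the "sum data" is a keyed hash over both storages rather than the patent's arithmetic sum, and that gate 502 accepts a write only when it carries a valid tag under that key, which is what keeps the accounting storage from being written arbitrarily.

```python
import hmac
import hashlib

# Added example, not the patent's code. Assumptions: the common information in
# storages 101/503 is a shared key, the "sum data" is an HMAC over both storages
# rather than the patent's arithmetic sum, and gate 502 accepts a write only
# when it carries a valid tag under that key.

def tag(key, *parts):
    return hmac.new(key, b"|".join(parts), hashlib.sha256).digest()

class UserEquipment:                       # equipment 5 (to be authenticated)
    def __init__(self, common_info):
        self.personal = common_info        # storage 503
        self.accounting = b""              # storage 501, tamper-proof region
        self.write_enabled = False         # gate 502
    def gated_write(self, data, t):        # Fig. 8A: center writes accounting data
        ok = self.write_enabled and hmac.compare_digest(t, tag(self.personal, b"w", data))
        if ok:
            self.accounting, self.write_enabled = data, False
        return ok
    def sum_data(self):                    # Fig. 8B: personal + accounting, sent to center
        return tag(self.personal, b"s", self.accounting)
    def cancel(self, receipt, t):          # Fig. 8C: only an authentic center message cancels
        ok = hmac.compare_digest(t, tag(self.personal, b"c", receipt, self.accounting))
        if ok:
            self.accounting = b""
        return ok

class CenterEquipment:                     # equipment 1 (authenticating)
    def __init__(self, common_info):
        self.personal, self.accounting = common_info, b""   # storages 101, 102
    def issue_accounting(self, data):
        self.accounting = data
        return data, tag(self.personal, b"w", data)
    def verify(self, received_sum):        # comparator: center's own sum vs. received sum
        return hmac.compare_digest(tag(self.personal, b"s", self.accounting), received_sum)
    def cancel_message(self, receipt):
        return receipt, tag(self.personal, b"c", receipt, self.accounting)

def run_transaction(order, receipt, key=b"constructed-shared-key"):
    user, center = UserEquipment(key), CenterEquipment(key)
    user.write_enabled = True                           # storage set write-enabled (Fig. 8A)
    forged = user.gated_write(b"free", b"\x00" * 32)    # write without the key is rejected
    written = user.gated_write(*center.issue_accounting(order))
    authorised = center.verify(user.sum_data())         # Fig. 8B comparison
    cancelled = user.cancel(*center.cancel_message(receipt))   # Fig. 8C after payment
    return dict(written=written, forged=forged, authorised=authorised,
                cancelled=cancelled, remaining=user.accounting)
```

Because the comparator checks the user's storage against the center's own copy, any change to the accounting region that the center did not make is detected at the Fig. 8B step.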

In the process shown in Figs. 8A to 8C, a concrete example of the communication center equipment 1 is a computer. The communication center equipment 1 may be, for example, an unmanned communication center equipment. Also, the communication center equipment 1 may be a private computer of the user equipment or a terminal device for exclusive use, using information media which are, for example, supplied on lease and finally returned. An example of such information media is a CD ROM in which software including a plurality of programs and data is stored. This may be carried out in the manner that the side of the user equipment borrows a CD ROM, purchases only the software which the side of the user equipment selects to purchase, and returns the CD ROM.

Also, the communication center equipment 1 may be an equipment of an organization which has been established by the time of a transaction of goods or services, or of a seller of goods or services.

The user equipment 5 may be a general-purpose type private computer of a user equipment, an exclusive terminal device for transaction of goods or services, or an exclusive type or a general-purpose attached device connected with such private computer.

In the storages 101 and 503 for the personal information, common information is stored. In the storage 102 for the accounting information, the information which is previously set by the communication center equipment is stored. It is desirable that the information which is previously set by the communication center equipment is secret to the user, a third party, or the like. The user equipment cannot, as a rule, exclusively tamper with any region of the storage for accounting. These regions may be some region of the storage of the general purpose computer of the user equipment, such as a floppy disk device, a hard disk device, an optical disk, or the like. Such regions are regions which the user equipment cannot exclusively acknowledge, or a region in which data constituted by encrypted data that cannot be decrypted by the user equipment is stored, even if the user equipment could acknowledge the existence of the region. The gate 502 of the user equipment controls whether writing into the storage 501 for accounting is allowed or not.

An example of the process by which the accounting operation is carried out using a CD ROM will be described. In the user equipment, a CD ROM is purchased and connected to the private computer, and the software for the communication center equipment is read from the CD ROM and causes the private computer to execute the software for the communication center equipment. The user equipment designates a desired software. The storage for accounting is in the condition to allow writing by the software for the communication center equipment. The software for the communication center equipment causes the storage for accounting to store the accounting data.

In the next step, the software for the communication center equipment compares the data of the sum of the personal information and the accounting information in the communication center equipment with the data of the sum of the personal information and the accounting information in the user equipment, to authenticate that the user equipment is an authorized one. If it is authenticated as an authorized one, the software for the communication center equipment reads the necessary software from the CD ROM and stores the read software in the storage in the user equipment. The user equipment receives data of a receipt of a payment after the payment of the charge, inputs the data of the receipt to the routine of the cancellation of the storage of the data of the accounting, and executes the routine of the cancellation to cancel the information of the accounting. After the cancellation is executed, the routine of the cancellation of the storage of the accounting is itself cancelled.


Claims

1. A system of authentication and a system of transaction incorporating such authentication system for goods or services transactions, characterized in that tamper-proof or secret regions are provided in the data stored in an equipment to be authenticated, an optional information supplied from an authenticating equipment to an equipment to be authenticated or an agreement settled between an authenticating equipment and an equipment to be authenticated is stored during a predetermined period in the tamper-proof or secret regions, and a return data including such optional data, a data based on such optional data, or a data based on such agreement is supplied to the authenticating equipment.

2. A system according to claim 1, wherein a request signal and optional information is supplied from the authenticating equipment to the equipment to be authenticated, a return data and a data based on the request signal is supplied from the equipment to be authenticated to the authenticating equipment, and the optional information and the return data are compared in the authenticating equipment.

3. A system according to claim 1, wherein a request signal is supplied from the authenticating equipment to the equipment to be authenticated, a return data based on the agreement and a data based on the request signal are supplied from the equipment to be authenticated to the authenticating equipment, and the data based on the agreement and the return data are compared in the authenticating equipment.

4. A system according to claim 1, wherein, when goods or services are provided by the authenticating equipment which supplies goods or services to the equipment to be authenticated which receives the goods or the services, the optional information or the data based on the agreement is stored in the tamper-proof or secret region in the data stored in the equipment to be authenticated.

5. A system according to any of claims 1 to 4, wherein a communication encrypted by an encryption key is carried out between the equipment to be authenticated and the authenticating equipment, and an authentication and a transaction are executed under the condition of the common possession of the encryption key by the equipment to be authenticated and the authenticating equipment.

6. A system of authentication, characterized in that a secret algorithm is stored in an authenticating equipment, an intrinsic identifier of its own, a secret algorithm, and an intrinsic identifier of the authenticating equipment are stored in an equipment to be authenticated, in a process of authentication the identifier of the authenticating equipment is applied to a secret algorithm of its own to produce an information possessed in common with the authenticating equipment on the side of the equipment to be authenticated, and in a process of authentication the identifier supplied by the equipment to be authenticated or acquired indirectly is applied to a secret algorithm of its own to produce an information possessed in common with the equipment to be authenticated on the side of the authenticating equipment.

7. A system according to claim 6, wherein the secret algorithm held in each of the equipment to be authenticated and the authenticating equipment is produced by applying the identifier of its own to an algorithm for producing a secret algorithm.
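The identifier-based key sharing of claims 6 and 7, as an added Python example that is not the patent's code: it assumes Blom's key predistribution scheme over a small prime field (the patent names only "the KPS system", not a concrete scheme), in which the center's secret symmetric matrix D is the "algorithm for producing a secret algorithm" of claim 7, D applied to an equipment's identifier vector is that equipment's secret algorithm, and applying the other party's identifier to one's own secret algorithm yields the common information of claim 6.

```python
import random

# Added example, not the patent's code. Assumption: claims 6 and 7 are realised
# with Blom's scheme over GF(P); P and the identifiers below are constructed.
P = 1_000_003

def master_algorithm(k, rng):
    """Claim 7: the center's 'algorithm for producing a secret algorithm', a random
    symmetric k x k matrix D. D never leaves the center."""
    d = [[0] * k for _ in range(k)]
    for i in range(k):
        for j in range(i, k):
            d[i][j] = d[j][i] = rng.randrange(P)
    return d

def id_vector(identifier, k):
    """Public vector derived from an intrinsic identifier: (1, id, id^2, ...) mod P."""
    return [pow(identifier, e, P) for e in range(k)]

def secret_algorithm(master, identifier):
    """Claim 7: apply one's own identifier to D to obtain the secret row D*v_id."""
    v = id_vector(identifier, len(master))
    return [sum(row[j] * v[j] for j in range(len(master))) % P for row in master]

def common_information(my_secret, other_identifier):
    """Claim 6: apply the other party's identifier to one's own secret algorithm.
    Symmetry of D makes both sides compute the same value."""
    v = id_vector(other_identifier, len(my_secret))
    return sum(a * b for a, b in zip(my_secret, v)) % P

def demo(seed=7, k=4):
    """Center (id 1001) and user (id 2002) derive the same value; a third
    equipment (id 3003) derives a different one with the center."""
    rng = random.Random(seed)
    master = master_algorithm(k, rng)
    center_id, user_id, other_id = 1001, 2002, 3003
    center_secret = secret_algorithm(master, center_id)
    user_secret = secret_algorithm(master, user_id)
    return (common_information(center_secret, user_id),
            common_information(user_secret, center_id),
            common_information(center_secret, other_id))
```

Blom's scheme is only k-secure: any k+1 secret rows together reconstruct D, so k must exceed the number of equipments whose secret algorithm an adversary could extract, which is why the patent insists the stored secret algorithm stay in a tamper-proof region.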
[Figs. 2A, 3A, 3B, 4A, 4B, 5A, 5B, 6A, 6B, 7A, 7B: drawings not reproduced]